
SOC Manager

Iru · Miami · On Site · Active · Lever

Job facts

Company: Iru
Title: SOC Manager
Normalized title: -
Department / team: G&A / Security and Trust
Location: Miami, FL, United States
Work model: On Site
Employment type: -
Salary: -
Status: active
ATS provider: Lever
Posted / first seen: 2026-04-24 / 2026-05-29
Changed / last seen: 2026-05-29 / 2026-06-06

Linked records

Company: Iru
Source: 280f567e-c20d-4c1f-9d80-e5a1aa4d714f
ATS provider: Lever

Description

About Iru

Iru is the AI-powered security & IT platform used by the world’s fastest-growing companies to secure their users, apps, and devices. Built for the AI era, Iru unifies identity & access, endpoint security & management, and compliance automation—collapsing the stack and giving IT & security time and control back.

Iru is backed by some of the smartest investors in tech—General Catalyst, Tiger Global, Felicis, Greycroft, and First Round Capital. In July 2024, Iru raised $100 million from General Catalyst, valuing the company at $850 million. Customers include Notion, Cursor, Lovable, Replit, and Mercor, and Iru partners with industry leaders such as ServiceNow and AWS. Iru was named to Forbes’ America’s Best Startup Employers 2025 list for employee engagement and satisfaction.

The Opportunity:

Iru is building a next-generation Security Operations function to support a modern SaaS platform spanning Identity, Endpoint Management, EDR, and cloud-native infrastructure. We are seeking a SOC Manager to lead and mature a hybrid SOC model, combining internal capabilities with our MDR partner (Managed SOC Provider).

This role is accountable for defining how security operations run at Iru—owning governance, detection strategy, incident response, and operational excellence. You will act as the central owner of security operations, ensuring we have strong visibility, fast response, and continuous improvement across our environment.

Benefits & Perks

- Competitive salary
- Hybrid work environment (3 days in office per week)
- 100% individual and dependent medical + dental + vision coverage
- 401(K) with a 4% company match
- 20 days PTO
- Iru Wellness Week the first week in July
- Equity for full-time employees
- In-office lunch stipend provided
- Up to 16 weeks of paid leave for new parents
- Paid Family and Medical Leave
- Modern Health mental health benefits for individuals and dependents
- Fertility benefits
- Working Advantage employee discounts
- Onsite fitness center
- Free parking
- Exciting opportunities for career growth

We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.

At Iru, we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences. Iru is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law.

#LI-Hybrid

Day To Day:

SOC Governance & Operating Model

- Define and operationalize the SOC mission, scope, and service boundaries
- Establish a clear roles, responsibilities, and escalation hierarchy
- Build and maintain a RACI model across internal teams and Managed SOC Provider
- Own the effectiveness and maturity of Iru’s hybrid SOC model

Operational Ownership & Execution

- Clearly define and enforce ownership across:
  - Detection engineering
  - Threat intelligence
  - Tier 1 alert triage
  - 24/7 monitoring
  - Incident response leadership
  - Threat hunting
  - Escalation investigations
- Establish and manage the “first call” model for security incidents at Iru
- Serve as incident commander for high-severity events or delegate appropriately

MDR (Managed SOC Provider) Management

- Own the operational relationship with Managed SOC Provider
- Ensure alignment on:
  - Alert triage quality and consistency
  - Escalation thresholds and timelines
  - Detection coverage across environments
  - Incident response coordination
- Hold Managed SOC Provider accountable to defined SLAs and performance expectations
- Continuously improve MDR effectiveness through feedback loops and tuning

Detection Engineering

- Build and maintain a central detection catalog
- Align detections to MITRE ATT&CK where applicable
- Partner with internal teams and Managed SOC Provider to:
  - Develop new detections
  - Tune and optimize existing rules
  - Reduce false positives and noise
- Ensure detection coverage across:
  - Identity (Iru Identity, Entra)
  - Endpoint (EM / EDR)
  - Cloud (AWS)
  - SaaS and integrations

Data & Telemetry Strategy

- Maintain a complete inventory of all telemetry sources across:
  - Endpoint, Identity, Cloud, Network, SaaS
- For each data source:
  - Define system owner
  - Confirm ingestion into Panther SIEM
  - Validate data quality and coverage
- Drive onboarding of new log sources to close visibility gaps

Incident Response Framework

- Design and maintain Iru’s incident response framework, including:
  - Incident classification and severity model
  - Evidence collection standards
  - Containment and remediation procedures
  - Recovery processes
  - Post-incident review and lessons learned
- Ensure consistent execution across internal teams and Managed SOC Provider

Runbooks & Playbooks

- Develop and maintain:
  - Alert triage procedures
  - Investigation runbooks
  - Incident response playbooks
- Ensure all runbooks are actionable, tested, and continuously improved

Threat Intelligence & Hunting

- Integrate threat intelligence into detection and response workflows
- Define ownership model for threat intelligence (internal vs MDR)
- Establish proactive threat hunting capabilities
- Evaluate and integrate external threat hunting services as needed

SOC Metrics & Reporting

- Define and track key SOC KPIs:
  - Mean Time to Detect (MTTD)
  - Mean Time to Respond (MTTR)
  - Alert volume and trends
  - False positive rates
  - Detection coverage and gaps
- Provide regular reporting to Security Leadership and executive stakeholders
- Use metrics to drive SOC maturity and continuous improvement

Nice to haves, but NOT required:

- Prior experience helping mature or build a security operations program from the ground up.
- Background in threat hunting or detection engineering.
- Experience integrating Wiz or similar cloud posture management tools into a SIEM workflow.
- Knowledge of security automation frameworks, including alert enrichment and workflow orchestration.
- Hands-on experience supporting hybrid (Mac + Windows) endpoint environments.

Full job record

Job ID: 3e5d9b28cc50195b4269ec2bff211dcdde43ef41
Org ID: e40a55cb-6f98-49ac-b5bd-35cb0dc5eedf
Source ID: 280f567e-c20d-4c1f-9d80-e5a1aa4d714f
Board ID: 280f567e-c20d-4c1f-9d80-e5a1aa4d714f
Provider: lever
Provider Job Key: 89b51fe2-a250-4c16-a00d-9f37dea3f259
Title: SOC Manager
Normalized Title:
Status: active
Active: yes
Location Text: Miami
Department: G&A
Team: Security and Trust
Employment Type:
Workplace Type: on_site
Remote Policy:
Country: United States
Region: FL
City: Miami
Salary Raw:
Salary Min:
Salary Max:
Salary Currency:
Salary Period:
Source URL: https://jobs.lever.co/iru/89b51fe2-a250-4c16-a00d-9f37dea3f259
Apply URL: https://jobs.lever.co/iru/89b51fe2-a250-4c16-a00d-9f37dea3f259/apply
First Seen At: 2026-05-29 07:00:32Z
Last Seen At: 2026-06-06 19:42:37Z
Last Checked At: 2026-06-06 19:42:37Z
Last Changed At: 2026-05-29 07:00:32Z
Inactive At:
Source Posted At: 2026-04-24 19:28:01Z
Source Updated At:
Raw Payload Uri: s3://job-postings-prod-raw-590183727216/raw/provider=lever/board=iru/date=2026-06-06/2026-06-06T19-42-36-168Z-db6b499f52013e7499a58980059b17434258927a49b53b0fd04083f8b1f50752.json
Event Fields
{
  "content_hash": "aa5a843160b73a95ab715caead082539f77f016bd0e46fc92a17395f176a0f9c",
  "source_hash": "eb35dc3bac90f6a65d6b3c1533bdf0ba8590af85a28859382fc43ab0b8a6c863",
  "last_changed_at": "2026-05-29T07:00:32.584Z",
  "active_status": "active"
}
Parsed Structured
{
  "language": "en",
  "location": {
    "raw": "Miami",
    "city": "Miami",
    "region": "FL",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.75
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T19:42:37.077Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Miami",
      "city": "Miami",
      "region": "FL",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.75
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": null,
  "workplace_type": "on_site",
  "salary_currency": null
}
Extensions
{}
Get this page with API

Rendered from the bluedoor Job Postings API. Reproduce it:

GET https://api.bluedoor.sh/job-postings/v1/jobs/3e5d9b28cc50195b4269ec2bff211dcdde43ef41?include=description
GET https://api.bluedoor.sh/job-postings/v1/orgs/e40a55cb-6f98-49ac-b5bd-35cb0dc5eedf
GET https://api.bluedoor.sh/job-postings/v1/sources/280f567e-c20d-4c1f-9d80-e5a1aa4d714f
GET https://api.bluedoor.sh/job-postings/v1/jobs/3e5d9b28cc50195b4269ec2bff211dcdde43ef41/events